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A METHOD OF PREPARING A DOCUMENT SO THAT IT CAN BE 
AUTHENTICATED 

5 

BACKGROUND OF THE mVENTION 

1 ! Field of the Invention 

10 This invention relates to a method of preparing a document so that it can be authenticated. 
The docximent may be a check and the method then enhances the security of the check 
cashing operation at locations remote from the issvung bank, 

15 2. Description of the Prior Art 

The advent of Check 21 legislation has given a huge boost to the provision of methods of 
check authentication based on electronic images. The use of scanners ranging from high 
speed scanners used at central check processing locations tiirough to desktop scanners has 
20 burgeoned. This development provides an incentive to use security methods based primarily 
on imaging techniques. 

In recent years there have been many methods proposed to authenticate checks. One tj^e of 
authentication already used is the Positive Pay system where a list is made of all issued 
25 checks and despatched to the reconciling Banks on a daily basis. This system detects any 
falsification after the checks have been despatched from the Bank of First Deposit to the 
issuing Bank. 

A more recent version of tiiis system is described in US6,4,64,134 (Page, not assigned) where 
30 die details of issued checks are sent to a central processing agency to which check cashing 
outiets have on line access. The central agency confirms tiiat die details on die check 
cQrrespond to diose stored at the time of issue. 
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A second type of authentication has avoided the necessity of transmittiiig issue files by 
adding coded data to die check itself and using mediods based on image processing to 
verify the human readable data. 

5 

Abathorn (EPO 699,327B1) select at least two critical items of data and encode them into 
machine readable form so that verification may be carried out by comparing the machine 
readable and hioman readable data. They do not indicate any encryption and it appears that 
the encoding is in a standard form so that no access will be required to encryption or 
10 hashing keys. 

ASDC (US 6,233,340) describe a mediod of authentication in which check variable data is 
irreversibly encrypted and added to the check in machine readable form such as a bar code. 
Verification is by regenerating the same machine readable code and comparing the two 
15 versions. The keys for encryption have to be known to both encryptor and validator and tiiis 
fact makes it' a less suitable schemes for distributed validation. In a later patent (US 
6,549,624) die use of asymmetric (public/private) encryption is propose4 thus adding a level 
of security which would be more appropriate for remote check cashing facilities. In this 
patent die encrypted data is decrypted to compare it witii the human readable data. 

20 

ChequeGuard (US6,073,121) also propose tha.t all of the check data be encr)^ted and 
encoded into a machine readable symbol placed above the MICR line. Again verification is 
by decoding the symbol and comparing with original data. The encryption keys are notified 
to Banks and businesses in advance. 

25- 

Payformance (US 6,170,744) describe a similar method of hashing data with the added 
security of a digital signature, all encoded into a graphical symbol. However, in a pair of 
more recent patent applications (US2G020174334A1, US20020174074A1) die data which is 
hashed includes a personal identifier to allow for verification of identity at POS. In this case 
30 the key for hashing can either be accessed on line at the check cashing outiet or else a 
verification authority is available online to carry out die process. Also the hashed data is 
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added to the MICR line so diat it may be humanly readable or read by a MICR reader, 
dispensing with the need £ot scanners and imaging technology. 

In all of these methods there is a selection of data which is encoded for verification. The 
data may be in plain form or encrypted or hashed, and in some cases a digital signature is 
added for extra security. The handling of the security keys is a prime concern. Where the 
keys have to be distributed prior to any transaction the metiiod is less appropriate for wide 
distribution. The problem can be offset to some degree by a public/private key scheme. 
Another alternative is the use of online access to keys or decryption services. 
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In a first aspect of the invention, there is a method of prepadng a document so that it can be 
authenticated; comprising the following step^. 

(a) selecting data sufficient to authenticate the document; 

(b) generating a cryptographic key to encode die selected data; 

(c) encoding the cryptographic key so that it forms a digital representation of a 
graphic image; and 

(d) printing the graphic image on the document 

An acivantage of an implementation of the present invention, in which the document is a 
check, is that it provides a higher level of security and is especially appropriate for 
transactions at check cashing outiets, banks of first deposit or POS. The improvement 
arises from the inclusion of a graphic on the original check stock which contains the key 
used to process the check data. Thus according to the invention the authentication will be 
available witiiout any recourse to on line facilities and hence can be available for remote 
agencies. 

The invention also makes it possible to use a different key for every check thereby increasing 
die security of die encoding. This key may be used in a variety of ways including some of the 
previously described techniques for autiientication. 

This compares with the prior art where the key is either (a) predistributed (b) part of a 
public/private key scheme (c) available on line or available to a service provider who is 
online. 

The use of a graphic provides a substantial obstacle to easy fraud both through die technical 
difficulty of producing a graphical artefact that appears genuine and through die need to 
have access to the decoding mediodology. 

There are many situations in which the graphic may be used. One such is where official 
checks are issued by cashiers. In this case the cashier selects a check firom check stock that 
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has a key encoded into a graphic. The key will be randomly generated. The check is first 
scanned and die interpretative algorithm applied to determine die value of die key. Then 
a hash is calculated from some combination of variable data on the check, the hash 
depending on die key encoded in the graphic. This hash is printed onto die MICR line in die 
5 allowable positions in the form of a 4 digit number. Alternatively it may be handwritten or 
printed in any available part of the check. 

When such a cashier's check is presented at a POS or other transaction agency, die graphic is 
again scanned to retrieve the key and the same data as used at issuance is hashed using that 
10 key. The number that is obtained is compared with the hash value previously added to die 
MICR line or elsewhere on tiie cheque. 

In order to enhance security the value of the key derived from the graphic may be fed 
direcdy into the hashing algorithm without being revealed to die operator at the time of 
adding and verifying the hash. 

The process of verification can be further automated by retrieving die data on the check by 
analysing the scanned image and using OCR techniques to interpret die human readable text 
and die MICR line data. 

In an alternative implementation where an individual wishes to write a check on his own 
account he may use check stock, printed as described with a data bearing graphic, where the 
graphic also contains a PIN number known only to that individual. When such a check is 
presented the individual is able to confirm his identity by typing in his PIN to a key pad 
where its validity will be confirmed by software which will decode the PIN from the graphic 
by analysing a scanned image of tiiat graphic. 
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detahjed description 

The invention is concerned with the automatic authentication of checks, other documents of 
intrinsic value, printed packaging or any other object that can carry a printed image, 
5 Aldiough the descriptions as given relate to checks only the extension to otiier documents is 
trivial. Essentially there is an audientication protocol which depends upon die use of keys 
whose values are stored in an itiformation bearing graphic. 

Below is a description of nature of such graphics and protocols. 

10 

Information Bearing Graphics 

There are many tjrpes of information bearing graphics currentiy in use, most well known 
being bar codes in one (Figure 1) or two dimensions (Figure 2.) There are well established 
15 simple designs such as the datamatrix (Figure 3) and dataglyphs (Figure 4). 

A more flexible approach known as *Seal' encoding is described in patent 
PCT/ GB02/ 00539 where information bearing graphical symbols may take one of a vmety 
of forms that wiU fit into the existing design of a document (Figure 5). ^Seals' are two 
20 dimensional graphical symbols; when formed into a graphic image, the external shape of the 
graphic image can be adapted so that it is visually compatible with otiier images on the 
document Also, die appearance of the graphic image can be adapted so tiiat it is visually 
compatible with otiier images on tiie docimient. 

25 AU of these graphics comprise a set of geometric units each of which conveys an amount of 
information either by virtue qf its shape or its dimensions. An important requirement for die 
use of such graphics is that tiie printing shall be of sufficient quality and high enough 
resolution in terms of pixels per inch to allow the coding units to. be distinguishable one 
firom another. Thus in a bar code no two bars must be allowed to merge into one another 

30 and bars intended to be of different widths must be clearly identifiable as such. Equally when 
the graphics are scanned the resolution must be sufficient so as to reveal the same 
distinctions. In practice total reliability can never be assured firom die printing and scanning 
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process and so a degree of redundancy is included, usually in a mathematically sophisticated 
error correction scheme, many examples of which are well described in published texts. 

The first stage in the automatic reading of such graphics is die scanning of the document 
5 containing diem and conversion to an electronic file. A purely geometrical interpretation is 
die first process to be carried out, reading off the units of information as described above. 

The second stage in the interpretation is the conversion of the units to arithmetic form, 
usually expressed as a string of binary bits or a string of characters of some higher number 
10 base. This geometric to arithmetic conversion is often a well established standard, as with 
bar codes, and will always be known in advance both to the encoder (or printer) and the 
decoder (or scanner.) 

The arithmetic string will at this stage almost certainly contain errors arising from. 
15 degradation of the document, blobs and missing elements, or from losses due to 
misalignment of scanners etc. In order to recover the original string an error correction 
process has to be applied which uses the redundancy in the information to correct any errors 
or omissions in die data. Following this process the recovered data is'in the form of a string 
whose accuracy is well established. 

20 

Frequentiy as part of the error correction process die geometdc units corresponding to any 
given part of the data may be distributed tiiroughout the graphic in order diat localised 
degradation of a document should not result in loss of sections of information. In the case 
of Seal encoding this is done explicitiy by the use of permutations of data, 

25 

The final process is the interpretation of the recovered string. In some case this string 
corresponds to plain text and may actually consist of ASCII symbols or equivalent. In other 
cases the string will be an encrypted string probably using a standard encryption such as 
triple DES or an RSA scheme, 

30 

The important point as far as the invention is concerned is diat information bearing graphics 
require several parts in their interpretation, some of which are standard or widely available to 
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decoders,- odiets of which are of controlled access and distributable only to those who are 
authorised decoders. Further, the parameters which govern the interpretation are usually 
such that they can be altered at reasonable intervals of time but not necessarily every time an 
interpretation is to take place, i.e. it is not necessary to be permanentiy on line. 
5 ' 

Authentication Protocols 

Authentication protocols produced by Pajrformance, Sandru et al were referred to in an 
earlier section. They all have a common framework as described below. 

10 

At the time of issiaing checks a certain amount of essential information is printed onto the 
face of the check, whist other information such as the bank's routing number and the 
account nximber may be already printed on the check stock . This new information must 
include at least the amount that is to be paid, but probably includes the date and other 
15 information that the paying bank requires such as die payee name. As well as being written 
on the body of die check the amount is also, written in magnetic ink along die bottom of die 
check in what is known as die MICR line. 

. Unfortunately fraudsters attempt to subvert die system for tiieir own ends by falsifying the 
20 data, typically altering the Payee to their own or an accomplice's name or altering die figure 
• for die amovmt 

The banks concerned in die check transaction attempt to identify such fraud at die clearing 
stage when the checks are automatically processed at high speed using powerful scanners. 
25 The checks are scanned to electronic files which are processed to extract information. The 
most relied upon information is extracted from the MICR line which, being written in 
magnetic ink in a block like font is easily readable. The MICR line contains at least the 
paying bank's routing number and the amount of the transaction. However, some banks also 
use Optical Character Recognition (OCR) to read the Payee information. 

30 

The authentication protocols attempt to protect this information, which is easily human 
readable, by encoding the same information in a machine readable form. Apart from the 
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advantage of being machine readable the information is less easily falsified on account of its 
graphical coding. 

There remains a problem that a fraudster may analyse the graphics appearing on checks and 
determine how they relate to the data unless the graphics are encoded in some way. Thus 
most of the protocols use one of two methods of encrypting data. 

The first medciod is to Tiash' the selected data,'that is to say produce a digest of the data such 
that it is not possible to discover the original data from the hash. Well known algorithms 
such as SHAl and MD5 exist for this purpose. When the check is printed the hash value is 
added, usually in machine readable form but possibly in human readable form, maybe as four 
or five digits. At the time of authentication the selected data which has been hashed is read 
from the check either by an operator or by using OCR. This data is then hashed and the 
value obtained is compared with the hash value which has been encoded onto the check. If 
the values agree the check is regarded as authentic. 

The second method is to encrypt the data using one of the. many well tried encryption 
schemes that is currentiy published. This method is essentially the same as the above except 
that when the encrypted value is read from the check the original selected data should be 
retrievable using the inverse of the encryption algorithm. The values so obtained can then be 
compared with the original selected values. 

Both of these methods require the provision of an encrypting key and it is the means of the 
provision of this key that forms the essence of this invention. 

There are several proposals already existing for the handling of keys. The most 
straightforward is to simply distribute the decoding key to all authorised agencies who wish 
to carry out authentication. The security of issuing a key which is probably in a standard 
form for carrying out a standard cryptographic process is debatable. A further issue is that 
large numbers of cl^ecks will be issued using the same key and there will probably be many 
checks with almost identical data. In this circumstance the problem of analysing the 
encryption method is considerably simplified for any wovdd be firaudster. 
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An alternative frequentiy used is to utilise an asymmetnc encryption scheme, that is to say a 
scheme where the decoding keys differs from the encoding key and knowledge of the 
decoding key gives no information about the encoding method. This solves to a degree die 
5 key security problem but does notiiing to improve the repetition of data threat 

.Probably the maximum security is obtainable if the key is provided on line for every check. 
This means that at the time of authentication the recipient of the check logs on to a central 
agency with whom he is registered and requests a decoding key. This may be rather too 
10 lengthy a process for a busy check cashing agency. 

The method proposed by this itivention overcomes the drawbacks of the preceding 
mediods. 

15 Use of Graphically Encoded Keys 

In one exemplary implementation of the invention an information bearing graphic is added 
to check stock as it is printed. This graphic has encoded within it a key, Kq suitable for 
cryptographic purposes. The key is generated preferably by a random process but at least by 
20 a non sequential method that makes it difficult to link the key to any data encoded on the 
stock. The stock is typically printed with a bank routing number and a check and account 
number as a minimum. 

Where such' checks are being issued by a bank cashier in the form of an official check the 
25 cashier will select an individual check and enter on it the name of the Payee and the amount 
of the transaction. The cashier will take a selection, S, of the entered data (also the 
preprinted data e.g. account no.) for the purposes of authentication, either hashing the data 
producing a value H(S) or encrypting it producing a string E(S) according to whichever 
protocol the bank has decided upon. In order to carry out this process the cashier will need 
30 die appropriate key, K^. 
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The key, K^, is present on the check in the form of a graphic so the cashier has to interpret 
the graphic. One method is for the cashier to scan the check and use software that 
incorporates the graphic encoding algorithm to decipher the key. In a preferred 
implementation the value of the key is not revealed to the cashier, rather the value is fed 

5 straight into the hashing or encryption software without being apparent in any explicit form. 
An alternative is that a database is generated before the printer prints the check stock, die 
database indicating which key should be inserted for which check number. This database 
would also be available to the cashier at the time of issuing the check. The results of the 
hashing or encryption are entered onto the check either as another graphic or as a character 

10 string. 

The advantage of this method is that each check has a different key with which to encode 
die authenticating data and although two checks might be issued successively with similar 
data the encrypted data in the two cases will differ considerably. 

15 

When the check is presented for cashing or for payment for an item die first requirement for 
authentication is diat die key, Kq^ be read. There is no need to go online to retrieve the key, 
instead an inexpensive desktop scarmer can be used to image the check in electronic form. 
This can be fed into the software which interprets the graphic and provides the key. The 
20 parameters involved in interpreting the graphic, die error correction scheme, any encryption 
parameters or possible permutations will preferably be downloaded to die check cashing 
oudet at widely spaced intervals of time. There will be no need to go online for every check, 
but at die same time the possibility exists to amend the parameters from time to time to 
enhance security. 

25 

If the check has a hash value, H(S) encoded onto it the key , K^^ will be used to generate a 
hash of the appropriate selected data. This generated hash value will be compared with H(S) 
for the purposes of audientication. 

30 If die check has encrypted data, E(S), encoded onto it then , K^, will be used to decrypt 
E(S) and the check will be regarded as authentic if the decrypted value is equal to S. 
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There are many possible variants of the above protocol which aU use a similar method of 
storing the key in graphical form. The data may be any combination of that present on a 
check or other secure document. 

5 There are also several possibilities for die type of key to be stored depending on the method 
of hashing or encryption tiiat has been selected. There will be limits to the payload which a 
graphic can store without its becoming too obtrusive and so die use of mediods such as 
elliptic curve cryptography, where the requirement is for a limited size key only, will simplify 
matters. 

10 

As previously mentioned, one possibility is that die key should in fact be a form of personal 
identification (PIN). In tiiis case instead of, or as well as, the use of a key to decrypt a string 
the key could be used in software designed to authenticate the person presenting the check. 
At the point where the transaction takes place die graphic is scanned to retrieve the key/PIN 
15 and the person offering the check independentiy types in his/her PIN, the application 
confirming or otherwise die matching of the two values without actually revealing explidtiy 
what that value is. 

'Seal' encoding allows a particularly convenient method for controlling the decoding of the 
20 key on account of its use of permutations to distribute die data. The techniques and software 
for encoding and decoding remain unaltered dirough all uses but the permutation can be, 
distributed whenever security and convenience dictate and will alter the details of die graphic 
making it impossible to for fraudsters simply to identify patterns corresponding to particular 
data. The permutations can be given in the form of a simple string and the process of 
25 introducing a new permutation to the software is of die utmost simplicity. 



